Handshake failed error

Hello,

I have a test architecture consisting of a Ziti Controller and a Ziti Edge Router. I can successfully connect to the Ziti Controller from another network without any issues. However, after connecting to the Ziti Controller, I am unable to access the server where the Edge Router is located. I can ping the server but cannot access port 22 (even though I added the port in services). Below are the logs.

I have installed both systems according to the Linux configuration. The Edge Router has connected successfully, and I can see its online status in the web UI.

--------Ziti Controller--------

{"_context":"tls:0.0.0.0:8440",
"error":"remote error: tls: bad certificate",
"file":"github.com/openziti/transport/v2@v2.0.159/tls/listener.go:257"
"func":"github.com/openziti/transport/v2/tls.(*sharedListener).processConn",
"level":"error",
"msg":"handshake failed",
"remote":"xxxx",
"time":"2025-03-10T17:03:31.931Z"}

--------Ziti Desktop Edge Service Logs------------

[2025-03-10T13:24:44.690Z]   ERROR ziti-sdk:channel.c:757 ch_connect_timeout() ch[0] connect timeout
[2025-03-10T13:25:09.878Z]   ERROR ziti-sdk:channel.c:757 ch_connect_timeout() ch[0] connect timeout
[2025-03-10T13:25:36.830Z]   ERROR ziti-sdk:channel.c:757 ch_connect_timeout() ch[0] connect timeout
[2025-03-10T13:26:17.236Z]   ERROR ziti-sdk:channel.c:757 ch_connect_timeout() ch[0] connect timeout
[2025-03-10T13:27:12.755Z]   ERROR ziti-sdk:channel.c:757 ch_connect_timeout() ch[0] connect timeout
[2025-03-10T13:28:18.663Z]   ERROR ziti-edge-tunnel:tun.c:363 tun_read() failed to receive packet: 38
[2025-03-10T13:30:47.288Z]    INFO ziti-sdk:utils.c:198 ziti_log_set_level() set log level: root=3/INFO
[2025-03-10T13:30:47.288Z]    INFO ziti-sdk:utils.c:167 ziti_log_init() Ziti C SDK version 1.5.0 @ga39db85(HEAD) starting at (2025-03-10T13:30:47.288)
[2025-03-10T13:30:47.288Z]    INFO ziti-edge-tunnel:windows-scripts.c:326 remove_all_nrpt_rules() removing NRPT rules matching filter: $_.Comment.StartsWith('Added by ziti-edge-tunnel')
[2025-03-10T13:30:47.897Z]    INFO ziti-edge-tunnel:instance-config.c:72 load_tunnel_status_from_file() Loading config file from c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\config.json
[2025-03-10T13:30:47.900Z]    INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1443 run() ============================ service begins ================================
[2025-03-10T13:30:47.900Z]    INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1444 run() Logger initialization
[2025-03-10T13:30:47.900Z]    INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1446 run() 	- config file      : c:\windows\system32\config\systemprofile\appdata\roaming\netfoundry\config.json
[2025-03-10T13:30:47.900Z]    INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1448 run() 	- initialized at   : Mon Mar 10 2025, 16:30:47 PM (local time), 2025-03-10T13:30:47 (UTC)
[2025-03-10T13:30:47.900Z]    INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1449 run() 	- log file location: C:\Program Files (x86)\NetFoundry Inc\Ziti Desktop Edge\logs\service\ziti-tunneler.log.202503100000.log
[2025-03-10T13:30:47.900Z]    INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1451 run() 	- C SDK Version    : 1.5.0:HEAD@ga39db85
[2025-03-10T13:30:47.900Z]    INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1452 run() 	- Tunneler SDK     : v1.5.0
[2025-03-10T13:30:47.900Z]    INFO ziti-edge-tunnel:ziti-edge-tunnel.c:1453 run() ============================================================================
[2025-03-10T13:31:12.425Z]   ERROR ziti-sdk:channel.c:757 ch_connect_timeout() ch[0] connect timeout
[2025-03-10T13:31:33.353Z]   ERROR ziti-sdk:channel.c:757 ch_connect_timeout() ch[0] connect timeout

Hi @dogukane, welcome to the community and to OpenZiti!

Looking at the ZDEW logs you shared, it appears to me that the controller's URL is possibly not public or possibly doesn't match the advertised address? The latter would surprise me, considering I added code to prevent the controller from starting if that were the situation. My guess is that the ZDEW isn't able to connect to the controller probably due to a firewall issue?

Unfortunately there's not quite enough information provided in the snippets of logs for me to get a full picture of what's going on.

If you want, you could DM me here on Discourse with the location of your controller and I can poke at it from my location to make sure it's accessible? You could also send me more logs to look at.

Other than that, you could try to open the controller's root url from the ZDEW to make sure it can connect.

So far it just seems like a firewall issue to me.
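
For triaging logs like the two excerpts in the first post, a small parser can group the errors so the client-side connect timeouts and the controller-side TLS handshake failures are counted separately. This is an added example, not part of either post and not OpenZiti code; the function names are hypothetical and the sample input is constructed from the lines quoted above.

```python
import json
import re
from collections import defaultdict

# Client line layout: [timestamp] LEVEL module:file.c:line func() message
ZDE_LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\s+(?P<level>[A-Z]+)\s+(?P<module>[\w-]+):"
    r"(?P<file>[\w.-]+):(?P<line>\d+)\s+(?P<func>\w+)\(\)\s+(?P<msg>.*)$"
)

# Constructed sample: client lines copied from the post, and the controller entry
# re-typed on one line as valid JSON ("remote" is redacted in the post).
CLIENT_LOG = """\
[2025-03-10T13:24:44.690Z]   ERROR ziti-sdk:channel.c:757 ch_connect_timeout() ch[0] connect timeout
[2025-03-10T13:28:18.663Z]   ERROR ziti-edge-tunnel:tun.c:363 tun_read() failed to receive packet: 38
[2025-03-10T13:30:47.288Z]    INFO ziti-sdk:utils.c:198 ziti_log_set_level() set log level: root=3/INFO
[2025-03-10T13:31:12.425Z]   ERROR ziti-sdk:channel.c:757 ch_connect_timeout() ch[0] connect timeout
this line is not in the expected layout
"""
CONTROLLER_LOG = (
    '{"_context":"tls:0.0.0.0:8440","error":"remote error: tls: bad certificate",'
    '"level":"error","msg":"handshake failed","remote":"xxxx",'
    '"time":"2025-03-10T17:03:31.931Z"}\nnot json at all\n'
)

def triage_client(text):
    """Group ERROR lines by (function, message): count, first and last timestamp."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for raw in text.splitlines():
        m = ZDE_LINE.match(raw.strip())
        if not m or m["level"] != "ERROR":
            continue  # skip INFO lines and anything that does not parse
        g = groups[(m["func"], m["msg"])]
        g["count"] += 1
        g["first"] = g["first"] or m["ts"]
        g["last"] = m["ts"]
    return dict(groups)

def triage_controller(text):
    """Count error-level JSON entries by (listener context, msg, error)."""
    counts = defaultdict(int)
    for raw in text.splitlines():
        try:
            entry = json.loads(raw)
        except json.JSONDecodeError:
            continue  # tolerate wrapped or truncated lines
        if isinstance(entry, dict) and entry.get("level") == "error":
            counts[(entry.get("_context"), entry.get("msg"), entry.get("error"))] += 1
    return dict(counts)
```

Feeding the full service log and controller log through `triage_client` and `triage_controller` shows how often each failure repeats and over what time span, which helps when deciding which additional logs to share.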